1611
|
7.5 |
HIGH
Network
golang
|
go
|
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
|
NVD-CWE-noinfo
|
CVE-2023-39321
|
2024-09-27 03:35 |
2023-09-9 |
|
|
|
1612
|
7.5 |
HIGH
Network
hexo
|
hexo
|
Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.
|
NVD-CWE-noinfo
|
CVE-2023-39584
|
2024-09-27 03:35 |
2023-09-8 |
|
|
|
1613
|
7.5 |
HIGH
Network
buffalo
|
terastation_nas_5410r_firmware
|
An issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function.
|
NVD-CWE-noinfo
|
CVE-2023-39620
|
2024-09-27 03:35 |
2023-09-8 |
|
|
|
1614
|
9.8 |
CRITICAL
Network
trendylogics
|
crypto_currency_tracker
|
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.
|
NVD-CWE-Other
|
CVE-2023-37759
|
2024-09-27 03:35 |
2023-09-8 |
|
|
|
1615
|
5.4 |
MEDIUM
Network
|
muffingroup
|
betheme
|
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escapi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5567
|
2024-09-27 03:27 |
2024-09-13 |
|
|
1616
|
7.5 |
HIGH
Network
hashicorp
|
nomad
|
HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerabi…
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2024-1329
|
2024-09-27 03:15 |
2024-02-9 |
|
|
|
1617
|
8.8 |
HIGH
Network
|
sirv
|
sirv
|
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in al…
|
CWE-862
Missing Authorization
|
CVE-2024-8480
|
2024-09-27 03:13 |
2024-09-6 |
|
|
1618
|
8.8 |
HIGH
Network
|
bitapps
|
file_manager
|
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uplo…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7770
|
2024-09-27 02:49 |
2024-09-10 |
|
|
1619
|
6.1 |
MEDIUM
Network
|
rocket.chat
|
rocket.chat
|
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-46934
|
2024-09-27 02:41 |
2024-09-25 |
|
|
1620
|
9.8 |
CRITICAL
Network
wpcom
|
wpcom_member
|
The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_…
|
NVD-CWE-noinfo
|
CVE-2024-7493
|
2024-09-27 02:41 |
2024-09-6 |
|
|
|